Speak up for security

By Garry BarkerJune 25 2002
Next

If plans by Optus and an Irish technology company work out, Australians will
soon be able to "sign" their transactions with their voices. Initially the
technology is likely to be offered to corporate users to secure access to information,
but later could be opened to consumers for everyday transactions.

The system is based on making an electronic "picture" of a person's voice
to be stored on the mobile-phone company's database and used to identify individuals
in over-the-phone transactions with banks, sharebrokers and businesses.

Trust5, the Dublin-based company that has developed the technology, claims
the system is more secure and reliable than current methods of identification
such as PINs, birthdates and mother's names.

According to Optus' director of security applications, Bill Leakey, trials
will begin later this year.

"We believe that adding voice authentication to our suite of products could
provide great benefit to our corporate clients."");document.write("

advertisement

");
}
}
// -->

Behind the idea is the fact that huge numbers of Australians have mobiles and
the telephone handset is rapidly becoming the mobile terminal through which
people will obtain the services they need by communicating through a broadband
wireless network and an expanded Internet.

In pilot trials undertaken by Telstra, it is possible to buy a can of drink
and feed a parking meter simply by dialling its number on a mobile and paying
through the monthly phone bill.

In those applications, the user's identity is established by the SIM card in
the phone, but that is far from secure enough for serious financial transactions.
But, says Wayne Friedman, Australian chief executive for Trust5, everyone's
voice is as unique to them as their fingerprints and the pattern in the iris
of their eyes, two of the more common methods of biometric identification.

If a "print" of the voice is made and stored digitally it can be used as
a secure key to a variety of services, he said. "This is not voice recognition
but voice verification," he said. "Essentially it is an audio fingerprint
- a biometric.

"We recognise the voice itself, so that we know you are who you say you are.
We can do that categorically and that has major implications when you're talking
about digital signatures and non-repudiation of transactions," Friedman said.
"We believe it is far easier than any other means of identification. With fingerprints
or iris recognition the person must be present at a device. With voice verification
all you need is a phone."

Nor does it matter if the user has a cold or a mouthful of anaesthetic from
the dentist. In such cases the system makes more checks and requires a higher
level of verification by asking the user to repeat certain words or use specific
phrases.

Friedman said voice verification was part of an overall risk-management strategy
that was being developed in the mobile communications world. "If you are topping
up your phone card by $20 the bank may be happy with an 83 per cent reading.
But say it was a $500 transaction . . . we will want a 99 per cent reading,
so then we add something they know to add to the biometric, like a PIN."

Operational trials are under way with a financial institution and two mobile
networks in Europe and the system is expected to go live with them later this
year.